SANS Digital Forensics and Incident Response Blog: Category - Network Forensics

Hindering Exploitation by Analysing Process Launches

Malware can do some nasty things to your system, but it needs to get on there first. Thankfully, users have become more suspicious of files named FunnyJokes.doc.exe and so malware authors have had to become more innovative, using a mix of social engineering and the constant stream of 0-day browser exploits to land evil code …


Has the smartphone finally outsmarted us?

I can honestly say that the most common question I am asked by examiners, investigators, students and even my neighbors is, "which phone is the most secure?" Obviously, the concern behind the question varies. Some want to secure their own device, and others, like myself, want to prove everyone in DFIR wrong by cracking into …


2015 DFIR Monterey Network Forensic Challenge Results

2015-03-04 UPDATE: I've added some thought process/methodology to the answers inline below. Thanks to everyone that submitted or just played along with the SANS DFIR Network Forensic Challenge! We had over 3,000 evidence downloads, and more than 500 submissions! Per the rules, the winner must have answered four of the six questions correctly. Then, by random …


DFIR Monterey 2015 Network Forensics Challenge Released

Join us at DFIR Monterey 2015 - a Reverse Engineering Digital Forensics and Incident Response Education (REDFIRE) Event. This unique Digital Forensics and Incident Response (DFIR) event brings our most popular forensics courses, instructors, and bonus seminars together in one place to offer one of SANS' most comprehensive DFIR training experiences. This …